<%@ page language="java"%>
<%@ page import="java.sql.*"%>
<%@ page import="java.util.*"%>
<%@ page import="java.io.*"%>
<html>
<head><title></title>
</head>
<body>
<center>
<%
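/**
 * Strips a few script-bearing HTML fragments from a form value before it
 * is stored.
 *
 * <p>This is a pattern-based blocklist, so it is a secondary control only:
 * the durable defence is to encode each value for its output context at the
 * point where it is rendered.
 */
class XSSchecker
{
	/**
	 * Returns {@code string} with script blocks, javascript: URLs and tags
	 * carrying on*-attributes removed.
	 *
	 * @param string raw form value; may be {@code null}
	 * @return the filtered value, or {@code null} when the input was {@code null}
	 */
	public String sanitize(String string)
	{
		if (string == null)
		{
			return null;
		}
		// String is immutable: replaceAll() returns the new value, so each
		// result must be assigned back. The original discarded all three
		// results and returned the input unchanged.
		String cleaned = string.replaceAll("(?i)<script.*?>.*?</script.*?>", "");
		cleaned = cleaned.replaceAll("(?i)<.*?javascript:.*?>.*?</.*?>", "");
		cleaned = cleaned.replaceAll("(?i)<.*?\\s+on.*?>.*?</.*?>", "");
		return cleaned;
	}
}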

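       // Admin-only form handler that registers a new screen: checks the login
       // state kept in the session, validates that every field was supplied,
       // rejects duplicates by domain_name, then inserts the row. All SQL is
       // parameterized, so form values are never concatenated into a query.
       // NOTE(review): the JDBC URL below carries the database user and
       // password; they belong in container configuration (e.g. a JNDI
       // DataSource), not in page source.
       try
       {
           // Session attributes are arbitrary String objects, so they must be
           // compared with equals(); == only compared references.
           if ("true".equals(session.getAttribute("logged_in")))
           {
               out.println("<p><h2>Logged In</p><h2>");
               if ("administrator".equals(session.getAttribute("user_level")))
               {
                   String domainName = request.getParameter("domain_name");
                   String location = request.getParameter("location");
                   String username = request.getParameter("username");
                   String password = request.getParameter("password");
                   String osType = request.getParameter("os_type");

                   // getParameter() returns null for an absent field and a fresh
                   // String for an empty one, so the old == "" test never fired
                   // and a missing field reached the sanitizer as null.
                   boolean fieldMissing = domainName == null || domainName.isEmpty()
                       || location == null || location.isEmpty()
                       || username == null || username.isEmpty()
                       || password == null || password.isEmpty()
                       || osType == null || osType.isEmpty();
                   if (fieldMissing)
                   {
                       out.println("All fields must be filled in.<br>");
                   }
                   else
                   {
                       XSSchecker checker = new XSSchecker();

                       String driverClass = "com.mysql.jdbc.Driver";
                       Class.forName(driverClass);

                       String url = "jdbc:mysql://ecstiger.cs.andrews.edu/d562_2010_01?user=u562_2010_01&password=YPJ8f4We";

                       Connection con = null;
                       PreparedStatement lookup = null;
                       ResultSet rst = null;
                       PreparedStatement insert = null;
                       try
                       {
                           con = DriverManager.getConnection(url);

                           lookup = con.prepareStatement("SELECT * FROM `screen` WHERE domain_name = ? ;");
                           lookup.setString(1, domainName);
                           rst = lookup.executeQuery();

                           if (rst.next())
                           {
                               out.println("<p><h1>The screen is already in the database </h1></p>");
                           }
                           else
                           {
                               insert = con.prepareStatement("INSERT INTO `d562_2010_01`.`screen`(`id`,`domain_name` ,`location` ,`current_presentation`, `user_name` ,`password` ,`os_type`) VALUES (NULL, ? , ? , '0', ? , ? , ? );");
                               insert.setString(1, checker.sanitize(domainName));
                               insert.setString(2, checker.sanitize(location));
                               insert.setString(3, checker.sanitize(username));
                               // NOTE(review): the password is stored exactly as
                               // submitted. If it is a login secret rather than a
                               // device credential, hash it before the insert.
                               insert.setString(4, checker.sanitize(password));
                               insert.setString(5, checker.sanitize(osType));
                               int rowsInserted = insert.executeUpdate();
                               if (rowsInserted == 1)
                               {
                                   out.println("<p><h1>Screen added successfully </p></h1>");
                               }
                               else
                               {
                                   out.println("<p><h1>Screen not added</p></h1>");
                               }
                           }
                       }
                       finally
                       {
                           // Release on every path: the original closed only on
                           // success, so a failing query leaked the connection,
                           // and the SELECT statement was never closed at all.
                           if (rst != null)
                           {
                               rst.close();
                           }
                           if (lookup != null)
                           {
                               lookup.close();
                           }
                           if (insert != null)
                           {
                               insert.close();
                           }
                           if (con != null)
                           {
                               con.close();
                           }
                       }
                   }
               }
               else
               {
                   out.println("Only administrators can add a screen<br>");
               }
           }
           else
           {
               out.println("Not Logged In<br>");
           }
       }
       catch (Exception e)
       {
           // Log server-side and show a generic message: printing the exception
           // to the page exposed driver, schema and connection details.
           application.log("add screen failed", e);
           out.println("The screen could not be added because of a server error.<br>");
       }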
%>
<br><a href="menu.jsp">Main Menu</a>
</center>
</body>
</html>
